Hmm... If your users don't have Administrator rights and you wanted to disable all printing I suppose you could use Group Policy to force the "Spooler" service to "Disabled".
There are some applications (Microsoft Access comes to mind) that need to get a device context to a printer before they will work (the "Reports" feature in Access works like this), so disabling the Spooler service is probably not the best idea in practice, but it would work in theory.
If you can test your applications and verify that they work with the Spooler service stopped and disabled then that's a very easy setting to set domain-wide.
It might be more practical to just not configure any local printers on the client computers and set the group policy option to prevent users from adding printers.
I like Evan's answer but I'll add one more.
If ALL of the printers are "print server only printers" on a Windows server in your organization, then you could always create a DENY in the security settings of the printer, or just limit the security to those that are allowed to print to the printers.
That would prevent everything but creating a local printer using a TCP/IP port, but like Evan said you can use a GPO or remove them as admins to accomplish that part of it.
You can get 98% of the way there by making sure the user does not have local admin privileges, that there is no local printer already attached, and that there is no server-based network printer to which they have rights.
If you can't get by the local admin restriction, stopping the spooler service (as Evan suggested) might work. There is also a Group Policy setting to prevent users from installing printer drivers. But someone with local admin rights who knows what they are doing will be able to get something printed eventually.
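A read-only audit of the conditions the answers above rely on (Spooler start mode, local admin membership, the "prevent adding printers" policy, local printers and TCP/IP ports). This is an added example, not part of the original answers; it assumes Windows PowerShell 5.1 or later with the built-in PrintManagement and LocalAccounts modules, and it changes nothing on the machine.

```powershell
# Added example: report the printing-related state of this client computer.
$report = [ordered]@{}

# 1. Spooler service: current state and configured start mode.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
$report.SpoolerState     = $svc.State
$report.SpoolerStartMode = $svc.StartMode   # 'Disabled' when forced off by policy

# 2. Local Administrators members, looked up by well-known SID so the
#    check also works on localized Windows installs.
try {
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    $report.LocalAdmins = $admins.Name -join '; '
} catch {
    $report.LocalAdmins = "lookup failed: $($_.Exception.Message)"
}

# 3. "Prevent addition of printers" user policy for the current user.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$pol = Get-ItemProperty -Path $key -Name NoAddPrinter -ErrorAction SilentlyContinue
$report.AddPrinterBlocked = ($null -ne $pol -and $pol.NoAddPrinter -eq 1)

# 4. Printers and ports. Get-Printer and Get-PrinterPort need a running
#    Spooler, so skip them (and say so) when the service is stopped.
if ($svc.State -eq 'Running') {
    $printers = @(Get-Printer)
    $report.LocalPrinters  = ($printers | Where-Object Type -eq 'Local').Name -join '; '
    $report.ServerPrinters = ($printers | Where-Object Type -eq 'Connection').Name -join '; '

    # Standard TCP/IP ports are the path a direct-to-device local printer uses.
    $tcpPorts = Get-PrinterPort | Where-Object { $_.PrinterHostAddress }
    $report.TcpIpPorts = ($tcpPorts |
        ForEach-Object { "$($_.Name) -> $($_.PrinterHostAddress)" }) -join '; '
} else {
    $report.LocalPrinters  = 'n/a (Spooler not running)'
    $report.ServerPrinters = 'n/a (Spooler not running)'
    $report.TcpIpPorts     = 'n/a (Spooler not running)'
}

[pscustomobject]$report | Format-List
```

Built-in virtual printers such as "Microsoft Print to PDF" show up under LocalPrinters, so review that list rather than expecting it to be empty.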